eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs
History
Erich Blume d7a10a9b1a Enable zot OIDC auth + accessControl, wire CI registry credentials 
Enable authentication on the zot registry with OIDC (via Authentik) and
API key support. Add three-tier accessControl: anonymous read, CI create
(artifact-workloads group), admin full access.

Wire both CI push paths with registry credentials:
- Dagger publish() gains optional registry_password/username params
- Nix/skopeo path adds --dest-creds to skopeo copy

The ZOT_CI_API_KEY secret flows from 1Password through the existing
forgejo_actions_secrets ansible role to both runners.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 09:13:30 -08:00
..
changelog.d Enable zot OIDC auth + accessControl, wire CI registry credentials 2026-02-21 09:13:30 -08:00
explanation Integrate Forgejo with Authentik OIDC (#228) 2026-02-20 17:39:50 -08:00
how-to Enable zot OIDC auth + accessControl, wire CI registry credentials 2026-02-21 09:13:30 -08:00
reference Add dagger to nix-container-builder runner (#234) 2026-02-20 23:09:01 -08:00
tutorials Adopt commit-based container tags (#232) 2026-02-20 22:56:20 -08:00
index.md Fix frontmatter field name for Quartz date display (#158) 2026-02-11 16:45:12 -08:00
quartz.config.ts Move zk cards to docs/zk/ for documentation restructuring (#84) 2026-02-03 09:13:50 -08:00
quartz.layout.ts Move zk cards to docs/zk/ for documentation restructuring (#84) 2026-02-03 09:13:50 -08:00